
from urllib.parse import unquote
# text = unquote(text, 'utf-8')
a=[]
with open("sql_map1.pcapng","rb") as f:
    for i in f.readlines():
        i1=unquote(i,"utf-8").strip()
        if  "id=" in i1  or "Content-Length:" in i1 :
            a.append(i1)

a1=[]
for i in range(len(a)):
    if "id=" in a[i]:
        a1.append(a[i]+a[i+1])

import re
a2=[]
for i in a1:
    ii=re.search(r"id=.*",i).group()
    a2.append(ii)


rar={}
for i in a2:
    if "flag AS NCHAR" in i :
        tmp=[]
        f1=re.search(r",(\d+),1\)\)>(\d+) AND 'busd'='busd HTTP/1.1Content-Length: (\d+)",i).group(1)
        f2=re.search(r",(\d+),1\)\)>(\d+) AND 'busd'='busd HTTP/1.1Content-Length: (\d+)",i).group(2)
        f3=re.search(r",(\d+),1\)\)>(\d+) AND 'busd'='busd HTTP/1.1Content-Length: (\d+)", i).group(3)
        tmp.append(int(f2))
        tmp.append(int(f3))
        rar[f1]=tmp
print(rar)
rar1=""
for i in rar:

    if rar[i][1] == 0:
        rar1+=chr(rar[i][0])
    else:
        rar1 += chr(rar[i][0]+1)
print(rar1)

import base64

with open("1.rar","wb") as f:
    f.write(base64.b16decode(rar1[:-1]))

#密码篇
passwd={}
for i in a2:
    if "password" in i :
        tmp=[]
        f1=re.search(r",(\d+),1\)\)>(\d+) AND 'xdzI'='xdzI HTTP/1.1Content-Length: (\d+)",i).group(1)
        f2=re.search(r",(\d+),1\)\)>(\d+) AND 'xdzI'='xdzI HTTP/1.1Content-Length: (\d+)",i).group(2)
        f3=re.search(r",(\d+),1\)\)>(\d+) AND 'xdzI'='xdzI HTTP/1.1Content-Length: (\d+)", i).group(3)
        tmp.append(int(f2))
        tmp.append(int(f3))
        passwd[f1]=tmp
passwd1=""
for i in passwd:
    if passwd[i][1] == 0:
        passwd1 += chr(passwd[i][0])
    else:
        passwd1 += chr(passwd[i][0] + 1)
print(passwd1)
